In an era of growing geopolitical tensions, and cyber risks, Belgium’s Centre for Cybersecurity (CCB) is increasingly at the forefront of efforts to protect Belgian citizens and businesses from cyber attacks. Director General Miguel De Bruycker and Phedra Clouner, deputy director general of the CCB, lead the centre’s efforts to protect citizens, organisations and their information from increasingly complex cyber threats.
In an interview with The Brussels Times on the sidelines of the InCyber cybersecurity forum in Lille, France on 2 April, Clouner spoke about the role of the centre, which operates under the direct authority of the Prime Minister. Established in 2014, the CCB is responsible for unifying Belgium’s cyber resilience efforts. The centre was established amid growing concerns over cyber threats and attacks against Belgian companies and critical infrastructure.
Today, the CCB is responsible for Belgium’s cybersecurity strategy, managing crises, information sharing, awareness, developing standards and practical guides on cyber security, as well as implementing crucial European regulations such as the recent NIS2 directive, which mandates cybersecurity measures for companies that form part of the critical infrastructure and essential operators of the European Union.
Like many European countries, Belgium has been a repeat target for major cyberattacks, both by state and private actors. In December 2021, a major Chinese state-backed cyberattack cost the Defence Ministry €2.25 million in damages. Just last week, Russian hacktivisits temporarily took down the government portal MyGov.be. It is the CCB which is the one of the first lines of defence and the emergency point of contact for critical infrastructure and companies that find themselves under attack.
'We target everyone'
Its Cyber Emergency Response Team (CERT) provides urgent assistance to companies in distress. "We are the firefighters of Belgian cyberspace," said Clouner. Similarly, the Cyber Threat Research & Intelligence Sharing (CyTRIS) undertakes analyses of cyber threats to map its impact on Belgium’s critical infrastructure, working to build strategies to contain its spread and neutralise the threat.
The CCB works closely with all stakeholders across Belgium, both in the public and private sector. Much of their work, Clouner said, is spent on awareness campaigns for the public. “We target everyone in Belgium: citizens, private companies, public entities, critical infrastructure and NIS entities,” Clouner explained.
Center for cyber security in Belgium. Credit: Belga / Hatim Kaghat
One of the CCB’s most successful initiatives is Safeonweb.be, a public awareness platform that has quickly become the national reference for cybersecurity.
"Around 70-80% of Belgium's adult population knows Safeonweb," Clouner noted proudly. Citizens actively contribute to cybersecurity through this portal, reporting suspicious emails to suspect@safeonweb.be. The results have been impressive: approximately 10 million suspicious emails are reported annually, enabling the CCB to swiftly warn users before they click onto malicious sites, thereby preventing their damage.
Despite high-profile stories about espionage and state-sponsored cyber-attacks, Clouner emphasized that cybercrime is primarily motivated by financial gain. Cybercriminals, who defrauded Belgians of €40 million in phishing attacks alone in 2023, according to statistics from the CCB, remain a priority target of the centre.
Phishing alone accounts for around 80% of cyber incidents. Recognising these risks, Clouner warned, is crucial to preventing fraud. “It’s really simple to implement two factor authentication… It’s simple advice, but it’s so efficient,” she said.
'You are infected'
The CCB spends much of its resources on targeted warnings to companies that form part of Belgium's critical infrastructure. Many of these are private companies, some in fields of critical importance such as healthcare.
In 2022, several hospital operators, especially in Wallonia, found themselves victim of an intricate ransomware attack, which threatened to publish 400 GB of patient data. The attack crippled hospital systems, blocking healthcare practitioners from patient records and even affecting backups. It is the centre’s responsibility to attempt to prevent such widespread attacks before they can happen.
The agency provides annual vulnerability scans free of charge to help institutions identify and patch their weaknesses, even if they are not part of Belgium’s critical cyber-infrastructure.
"We are monitoring in a really precise way all the threats against Belgium. If there is an incident, at a hospital for example, the CERT helps them to mitigate the attack, give advice on how to restore data, but also to send out spear warnings to other vulnerable organisations, those that are infected. We send a targeted warning: be aware, you are infected, vulnerable. You need to implement measures," Clouner said.
Worker at the Centre for Cyber security in Belgium (CCB). Credit: Belga / Hatim Kaghat
Clouner offered some practical advice for businesses looking to protect their data. For organisations looking to enhance their cybersecurity resilience, Clouner said the CCB provides Safeonweb@Work, a dedicated platform offering tailored cybersecurity resources.
Companies receive security alerts, free tools, and practical guidance on defending against common vulnerabilities. Ultimately, Clouner believes that cybersecurity does not necessarily require advanced knowledge or substantial resources to be effective. "Zero risk doesn't exist," she admitted, "but small actions dramatically reduce threats."
International stage
The CCB recommended a series of practical measures all Belgians should adopt: notably recognising phishing scams, enabling two-factor authentication, updating software regularly, maintaining proper backups, and educating themselves and their teams about cyber threats.
Belgium is also making notable progress on the international cybersecurity stage.
The cybersecurity framework created by the CCB, known as the Cyber Fundamentals, has garnered international attention and is currently being adopted by countries like Romania and Ireland. "We do a lot of collaboration with countries in Europe, but not only," Clouner said. "We also share ideas. They are really interested in Safeonweb and we share information in an efficient way."
Another key responsibility for the CCB involves coordinating the allocation of European Union funds for cybersecurity innovation and research. Belgium is attempting to position itself as a cybersecurity hub, with notable investments being made across the country. A new €20 million European Cybersecurity Centre of Excellence is being constructed in Transinne, which aims to help centralise Wallonia’s position as a cybersecurity hub.
French-speaking Belgium's investments and major stakeholders played a pivotal role in the InCyber Forum, with Wallonia operating an impressive stand in the main hall of the conference. Belgium was notably represented by leading French-speaking companies active in the cybersecurity sphere such as Approach Cyber, ESIA, Nexova, Ozoos and Red System.
Related News
- Flanders plans to create its own cybersecurity centre
- European Commission announces €1.3-billion allocation for strategic technologies
- Belgian intelligence loses private data to Chinese hackers
The French-speaking region promoted its Cyberwal initiative, which aims to strengthen cybersecurity across Walloon, partnering with small and medium-sized enterprises and promoting digital solutions across Wallonia.
Cybersecurity is a burgeoning field. Clouner said that she had noticed growing enthusiasm from Belgian students in the field, which is one of the most in-demand profiles sought in the country. This is driven by close cooperation between the CCB and leading universities across Belgium.
"In March, over 1,000 students participated in the qualifiers for the national Cybersecurity Challenge," said Clouner. “During the final of the challenge, last weekend, we had around 150 Belgian students. They were really eager to participate in this challenge.”
There is an acute need for new cybersecurity specialists across Europe, with just less than a third of companies reporting that they were facing a shortage of cybersecurity professionals for their businesses. The CCB is actively recruiting new candidates to join its ranks and boost Belgium’s cybersecurity capabilities.
